^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) #include <linux/compiler.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) #include <linux/export.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) #include <linux/fault-inject-usercopy.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) #include <linux/kasan-checks.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) #include <linux/thread_info.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) #include <linux/uaccess.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) #include <linux/kernel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) #include <linux/errno.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) #include <linux/mm.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) #include <asm/byteorder.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #include <asm/word-at-a-time.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14)
#ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
/* Word-sized loads/stores are cheap at any alignment: never reject the fast path on alignment grounds. */
#define IS_UNALIGNED(src, dst) 0
#else
/*
 * Non-zero when either pointer is not a multiple of sizeof(long);
 * do_strncpy_from_user() then uses its byte-at-a-time loop instead
 * of word-sized accesses.
 */
#define IS_UNALIGNED(src, dst) \
	(((long) dst | (long) src) & (sizeof(long) - 1))
#endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21)
/*
 * Do a strncpy, return length of string without final '\0'.
 * 'count' is the user-supplied count (return 'count' if we
 * hit it), 'max' is the address space maximum (and we return
 * -EFAULT if we hit it).
 *
 * Contract with the caller (strncpy_from_user() below): the user
 * access window must already be open via user_read_access_begin(),
 * and 'max' is expected not to exceed 'count', so the loops only
 * ever bound on 'max'. Every store lands in dst[0 .. max-1]; if no
 * NUL is found within 'max' bytes, no terminator is written to 'dst'
 * and the caller has to treat the result as a truncated string.
 */
static inline long do_strncpy_from_user(char *dst, const char __user *src,
					unsigned long count, unsigned long max)
{
	const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS;
	/* Bytes copied so far; doubles as the offset into both src and dst. */
	unsigned long res = 0;

	/* Word accesses need aligned pointers unless the arch handles unaligned access cheaply. */
	if (IS_UNALIGNED(src, dst))
		goto byte_at_a_time;

	/* Fast path: one word per iteration, only while a whole word still fits within 'max'. */
	while (max >= sizeof(unsigned long)) {
		unsigned long c, data, mask;

		/* Fall back to byte-at-a-time if we get a page fault */
		unsafe_get_user(c, (unsigned long __user *)(src+res), byte_at_a_time);

		/*
		 * Note that we mask out the bytes following the NUL. This is
		 * important to do because string oblivious code may read past
		 * the NUL. For those routines, we don't want to give them
		 * potentially random bytes after the NUL in `src`.
		 *
		 * One example of such code is BPF map keys. BPF treats map keys
		 * as an opaque set of bytes. Without the post-NUL mask, any BPF
		 * maps keyed by strings returned from strncpy_from_user() may
		 * have multiple entries for semantically identical strings.
		 */
		if (has_zero(c, &data, &constants)) {
			data = prep_zero_mask(c, data, &constants);
			data = create_zero_mask(data);
			mask = zero_bytemask(data);
			/* Store the word with everything after the NUL cleared, then report the NUL's offset. */
			*(unsigned long *)(dst+res) = c & mask;
			return res + find_zero(data);
		}

		/* No NUL in this word: store it whole; it lies inside the remaining 'max' bytes. */
		*(unsigned long *)(dst+res) = c;

		res += sizeof(unsigned long);
		max -= sizeof(unsigned long);
	}

byte_at_a_time:
	/* Slow path: handles unaligned pointers, the sub-word tail, and a fault on a word-sized read. */
	while (max) {
		char c;

		/* A fault here is final: the byte-wise read is the last resort. */
		unsafe_get_user(c,src+res, efault);
		dst[res] = c;
		if (!c)
			return res;
		res++;
		max--;
	}

	/*
	 * Uhhuh. We hit 'max'. But was that the user-specified maximum
	 * too? If so, that's ok - we got as much as the user asked for.
	 */
	if (res >= count)
		return res;

	/*
	 * Nope: we hit the address space limit, and we still had more
	 * characters the caller would have wanted. That's an EFAULT.
	 */
efault:
	return -EFAULT;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94)
/**
 * strncpy_from_user: - Copy a NUL terminated string from userspace.
 * @dst: Destination address, in kernel space. This buffer must be at
 *       least @count bytes long.
 * @src: Source address, in user space.
 * @count: Maximum number of bytes to copy, including the trailing NUL.
 *
 * Copies a NUL-terminated string from userspace to kernel space.
 *
 * On success, returns the length of the string (not including the trailing
 * NUL).
 *
 * If access to userspace fails, returns -EFAULT (some data may have been
 * copied).
 *
 * If @count is smaller than the length of the string, copies @count bytes
 * and returns @count. In that case @dst is NOT NUL-terminated: callers that
 * need a terminated string must treat a return value equal to @count as
 * truncation.
 *
 * A @count of zero or less copies nothing and returns 0.
 */
long strncpy_from_user(char *dst, const char __user *src, long count)
{
	unsigned long max_addr, src_addr, limit;
	long ret = -EFAULT;

	might_fault();
	if (should_fail_usercopy())
		return -EFAULT;
	if (unlikely(count <= 0))
		return 0;

	/* Reject sources that already start beyond the user address space. */
	max_addr = user_addr_max();
	src_addr = (unsigned long)untagged_addr(src);
	if (unlikely(src_addr >= max_addr))
		return -EFAULT;

	/*
	 * Clamp the address-space headroom to the caller's limit so the
	 * copy loop only has a single bound to watch.
	 */
	limit = max_addr - src_addr;
	if (limit > count)
		limit = count;

	/* The destination is checked against the caller's @count, not the clamped limit. */
	kasan_check_write(dst, count);
	check_object_size(dst, count, false);
	if (user_read_access_begin(src, limit)) {
		ret = do_strncpy_from_user(dst, src, count, limit);
		user_read_access_end();
	}
	return ret;
}
EXPORT_SYMBOL(strncpy_from_user);